Symfony2 Infinite Redirect Loop with schemes routing setting

Tags: php, https, symfony

I have the following controller with routing annotation:

/**
 * @Route("/checkout/", name="checkout", schemes = "https")
 */
public function indexAction(Request $request)
{
    //...do stuff
}

This works fine on my development server, however, on my production server, I get an infinite redirect route. I looked through the logs and it is caused by Symfony, not Apache. It does this over and over until my browser stops:

[2014-10-28 17:32:28] request.INFO: Matched route "checkout" (parameters: "_controller": "Symfony\Bundle\FrameworkBundle\Controller\RedirectController::urlRedirectAction", "path": "/checkout/", "permanent": "true", "scheme": "https", "httpPort": "80", "httpsPort": "443", "_route": "checkout") [] []

It doesn't make sense because the page requested IS via HTTPS:

https://example.com/checkout/

I have no access_control settings in security.yml that cover this. The weird thing is that all the other controllers that don't use schemes = "https" work.

Steven Musumeche asked Oct 28 '14 22:10


2 Answers

It is possible that your Symfony app is behind a proxy / load balancer which terminates SSL (haproxy, nginx). Those proxies usually add a special header to tell the app that the original request was sent via HTTPS. The problem is that Symfony ignores this header as it is too easy to spoof.

To fix it, add the following line to your web/app.php after $request is initiated:

// Trust all requests as they can only come from the load balancer
Request::setTrustedProxies(array($request->server->get('REMOTE_ADDR')));

This will tell Symfony that it can trust the schema header and that a redirect to HTTPS is not needed.

Alexei Tenitski answered Sep 20 '22 12:09


It turns out that, by having my SSL configuration set at the server level instead of at the VirtualHost level, Apache was not setting the PHP server variable "HTTPS", even though HTTPS was being used. This is the variable that Symfony uses to determine if a request is secure or not. By adding the various SSL directives directly into my VirtualHost entry, the problem is solved. Hope this helps someone.

Steven Musumeche answered Sep 17 '22 12:09
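
Both answers turn on how the application decides whether a request arrived over HTTPS. The standalone PHP script below is an added example, not code from the thread or from Symfony: it models that decision in simplified form (function names and addresses are constructed) and shows which setups keep redirecting, and that trusting whatever REMOTE_ADDR a request arrives from also accepts a header the client supplied itself.

```php
<?php
// Simplified model of the "is this request HTTPS?" decision (not Symfony's code).
// All function names and the sample addresses below are constructed for illustration.

/** True when $ip is one of the explicitly trusted proxy addresses. */
function isFromTrustedProxy(string $ip, array $trustedProxies): bool
{
    return in_array($ip, $trustedProxies, true);
}

/** Decide whether the request counts as secure from the server variables. */
function isSecure(array $server, array $trustedProxies): bool
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    $proto  = $server['HTTP_X_FORWARDED_PROTO'] ?? '';
    // The forwarded header is honoured only when the direct peer is trusted.
    if ($proto !== '' && isFromTrustedProxy($remote, $trustedProxies)) {
        return in_array(strtolower($proto), ['https', 'on', 'ssl', '1'], true);
    }
    // Otherwise fall back to the HTTPS variable set by the web server itself.
    $https = $server['HTTPS'] ?? '';
    return $https !== '' && strtolower($https) !== 'off';
}

$lb = '10.0.0.5'; // constructed load balancer address
$cases = [
    'TLS terminated at LB, no proxy trusted' =>
        [['REMOTE_ADDR' => $lb, 'HTTP_X_FORWARDED_PROTO' => 'https'], []],
    'TLS terminated at LB, LB trusted' =>
        [['REMOTE_ADDR' => $lb, 'HTTP_X_FORWARDED_PROTO' => 'https'], [$lb]],
    'Direct client sends the header itself' =>
        [['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https'], [$lb]],
    'Same client, REMOTE_ADDR trusted blindly' =>
        [['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https'], ['203.0.113.9']],
    'Apache terminates TLS but HTTPS variable unset' =>
        [['REMOTE_ADDR' => '203.0.113.9'], []],
    'Apache terminates TLS and sets HTTPS=on' =>
        [['REMOTE_ADDR' => '203.0.113.9', 'HTTPS' => 'on'], []],
];

foreach ($cases as $label => [$server, $trusted]) {
    // "redirect" means a route with schemes = "https" would redirect again.
    printf("%-48s %s\n", $label, isSecure($server, $trusted) ? 'secure' : 'redirect');
}
```

Where the application can also be reached without passing through the load balancer, listing the load balancer's own addresses in the trusted proxy list keeps the forwarded header from being accepted from arbitrary clients.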